<?php
/*
 * Created on Mar 28, 2008
 * @author Oliver Radwan <oradwan@bowdoin.edu>
 */
?>
</div>
	<div id="content">
			<?PHP
				include_once('database/dbPersons.php');
     			include_once('database/Person.php');
     			if(($_SERVER['PHP_SELF'])=="/logout.php"){
     				//prevents infinite loop of logging in to the page which logs you out...
     				echo "<script type=\"text/javascript\">window.location = \"index.php\";</script>";
     			}
				if(!array_key_exists('_submit_check', $_POST)){
					echo('<div align="left"><p>Access to RMH Homebase requires a Username and a Password. ' .
						 '<ul><li>If you are a <i>new applicant</i>, please sign in with the Username <strong>guest</strong> and no Password. ' .
						 '<br>Once you sign in, you will be able to fill out and submit an application form on-line.</p>'
						 );

					echo('<li>If you are a <i>volunteer or staff member</i>, your Username is your first name followed by your phone number. ' .
							'');
					echo('<br>If you do not remember your Password, please contact the <a href="mailto:housemngr@rmhportlandme.org">House Manager</a>.</ul>');
					echo('<p><table><form method="post"><input type="hidden" name="_submit_check" value="true"><tr><td>Username:</td><td><input type="text" name="user" tabindex="1"></td></tr><tr><td>Password:</td><td><input type="password" name="pass" tabindex="2"></td></tr><tr><td colspan="2" align="center"><input type="submit" name="Login" value="Login"></td></tr></table>');
				}
				else{
					//check if they logged in as a guest:
					if($_POST['user']=="guest" && $_POST['pass']==""){
						$_SESSION['logged_in']=1;
						$_SESSION['access_level']=0;
						$_SESSION['_id']="guest";
						echo "<script type=\"text/javascript\">window.location = \"index.php\";</script>";
					}
					//otherwise authenticate their password
					else{
						$db_pass = md5($_POST['pass']);
						$db_id = $_POST['user'];
						$password_query_result = get_person($db_id);
						if($password_query_result){ //avoids null results
							$person = mysql_fetch_array($password_query_result, MYSQL_ASSOC);
							if($person['password']==$db_pass){ //if the passwords match, login
								$_SESSION['logged_in']=1;
								$type_array = explode(",",$person['type']);
								if (in_array('applicant', $type_array))
									$_SESSION['access_level'] = 0;
								else if (in_array('manager', $type_array))
									$_SESSION['access_level'] = 2;
								else $_SESSION['access_level'] = 1;
								$_SESSION['f_name']=$person['first_name'];
								$_SESSION['l_name']=$person['last_name'];
								$_SESSION['_id']=$_POST['user'];
								echo "<script type=\"text/javascript\">window.location = \"index.php\";</script>";
							}
							else {
								echo('<div align="left"><p class="error">Error: invalid username/password<br />if you cannot remember your password, ask a house manager to reset it for you.</p><p>Access to RMH Homebase requires a Username and a Password. <p>For guest access, enter Username <strong>guest</strong> and no Password.</p>');
								echo('<p>If you are a volunteer, your Username is your first name followed by your phone number with no spaces. ' .
									'For instance, if your first name were John and your phone number were (207)-123-4567, ' .
									'then your Username would be <strong>John2071234567</strong>.  ');
								echo('If you do not remember your password, please contact the <a href="mailto:housemngr@rmhportlandme.org">House Manager</a>.');
								echo('<p><table><form method="post"><input type="hidden" name="_submit_check" value="true"><tr><td>Username:</td><td><input type="text" name="user" tabindex="1"></td></tr><tr><td>Password:</td><td><input type="password" name="pass" tabindex="2"></td></tr><tr><td colspan="2" align="center"><input type="submit" name="Login" value="Login"></td></tr></table>');
							}
						}
						else{
							//At this point, they failed to authenticate
							echo('<div align="left"><p class="error">Error: invalid username/password<br />if you cannot remember your password, ask a house manager to reset it for you.</p><p>Access to RMH Homebase requires a Username and a Password. <p>For guest access, enter Username <strong>guest</strong> and no Password.</p>');
								echo('<p>If you are a volunteer, your Username is your first name followed by your phone number with no spaces. ' .
									'For instance, if your first name were John and your phone number were (207)-123-4567, ' .
									'then your Username would be <strong>John2071234567</strong>.  ');
								echo('If you do not remember your password, please contact the <a href="mailto:housemngr@rmhportlandme.org">House Manager</a>.');
								echo('<p><table><form method="post"><input type="hidden" name="_submit_check" value="true"><tr><td>Username:</td><td><input type="text" name="user" tabindex="1"></td></tr><tr><td>Password:</td><td><input type="password" name="pass" tabindex="2"></td></tr><tr><td colspan="2" align="center"><input type="submit" name="Login" value="Login"></td></tr></table>');
							}
					}
				}
			?>
				<?PHP include('footer.inc');?>
			</div>
		</div>
	</body>
</html>
